Legal claims defining the scope of protection, as filed with the USPTO.
1. A method, comprising: hashing a media identifier associated with a data storage medium to produce a base key identifier using a processor; obtaining a base key record associated with the base key identifier from a key repository; extracting a counter value from the base key record; and adding the counter value to the base key identifier to produce the key identifier; and accessing a key record associated with the key identifier in the key repository.
2. The method of claim 1, wherein the act of adding the counter value to the base key identifier to produce the key identifier comprises: incrementing the counter value to produce an incremented counter value; adding the incremented counter value to the base key identifier to produce the key identifier; storing the incremented counter value in the base key record; and storing the base key record in the key repository.
3. The method of claim 2, further comprising: generating a new encryption key; and generating a new key record, comprising the new encryption key, wherein the act of accessing a key record associated with the key identifier in the key repository comprises: storing the new key record associated with the key identifier in the key repository.
4. The method of claim 3, further comprising: encrypting data with the new encryption key for storage on the data storage medium.
5. The method of claim 1, wherein the act of adding the counter value to the base key to produce the key identifier comprises: decrementing the counter value to produce a decremented counter value; adding the decremented counter value to the base key identifier.
6. The method of claim 5, wherein the act of accessing a key record associated with the key identifier in the key repository comprises: obtaining a key record associated with the key identifier from the key repository; and extracting a data encryption key from the key record.
7. The method of claim 6, further comprising: decrypting data from the data storage medium with the data encryption key.
8. The method of claim 1, wherein the act of hashing a media identifier comprises: hashing the media identifier with a secure hash algorithm.
9. The method of claim 1, wherein the counter value indicates how many encryption keys have been generated for the media identifier.
10. The method of claim 1, further comprising: truncating the base key identifier to a predetermined length, depending on the key repository.
11. A non-transitory machine-readable storage medium, with instructions for a programmable device stored thereon wherein the instructions cause a processor of the programmable device to perform the method of claim 1.
12. A programmable device, comprising: a processor; and a storage medium, operatively coupled to the processor, on which is stored software which when executed by the processor causes the processor to perform actions comprising: hashing a media identifier associated with a data storage medium to produce a base key identifier; obtaining a base key record associated with the base key identifier from a key repository; extracting a counter value from the base key record; and adding the counter value to the base key identifier to produce the key identifier; and accessing a key record associated with the key identifier in the key repository.
13. The programmable device of claim 12, wherein the action of adding the counter value to the base key identifier to produce the key identifier comprises: incrementing the counter value to produce an incremented counter value; adding the incremented counter value to the base key identifier to produce the key identifier; storing the incremented counter value in the base key record; and storing the base key record in the key repository.
14. The programmable device of claim 13, further comprising: generating a new encryption key; generating a new key record, comprising the new encryption key, wherein the action of accessing a key record associated with the key identifier in a key repository comprises storing the new key record associated with the key identifier in the key repository.
15. The programmable device of claim 14, further comprising: a cryptographic engine configured to encrypt data with the new encryption key for storage on the data storage medium.
16. The programmable device of claim 12, wherein the action of adding a counter value further comprises: wherein the action of adding the counter value to the base key to produce the key identifier comprises: decrementing the counter value to produce a decremented counter value; adding the decremented counter value to the base key identifier to produce the key identifier.
17. The programmable device of claim 16, wherein the action of accessing a key record associated with the key identifier in a key repository comprises: obtaining a key record associated with the key identifier from the key repository; and extracting a data encryption key from the key record.
18. The programmable device of claim 17, further comprising: a cryptographic engine configured to decrypt data from the data storage medium with the data encryption key.
19. The programmable device of claim 12, wherein hashing a media identifier comprises: hashing the media identifier with a secure hash algorithm.
20. The programmable device of claim 12, wherein the counter value indicates how many encryption keys have been generated for the data storage medium.
21. The programmable device of claim 12, wherein the data storage medium is a tape volume, and wherein the counter value indicates a segment of the tape volume.
22. The programmable device of claim 12, further comprising: truncating the base key identifier to a predetermined length, depending on the key repository.
23. The programmable device of claim 12, wherein the programmable device is a switch.
24. The programmable device of claim 12, wherein the programmable device is a data storage device associated with the data storage medium.
25. A system comprising: a key repository, configured to store data encryption keys; and an encryption device, comprising: a processor; and a storage medium, operatively coupled to the processor, on which is stored software which when executed by the processor causes the processor to perform actions comprising: hashing a media identifier associated with a data storage medium to produce a base key identifier; obtaining a base key record associated with the base key identifier from the key repository; extracting the counter value from the base key record; and adding the counter value to the base key identifier to produce the key identifier; and accessing a key record associated with the key identifier in the key repository.
26. The system of claim 25, further comprising: a configuration management system, adapted to communicate with the encryption device and to configure the encryption device.
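The key identifier scheme recited in claims 1 to 10, sketched as an added example that is not taken from the patent or any product implementing it. SHA-256, the 16-byte truncation length, the in-memory repository and all names are assumptions chosen for illustration, and the newest-first walk is one reading of claims 5 and 6.

```python
import hashlib
import os

ID_BYTES = 16  # assumed identifier length accepted by the repository (claim 10)


def base_key_id(media_id: str) -> int:
    """Hash the media identifier (claim 8) and truncate the result (claim 10)."""
    digest = hashlib.sha256(media_id.encode("utf-8")).digest()
    return int.from_bytes(digest[:ID_BYTES], "big")


def key_id(base: int, counter: int) -> int:
    """Add the counter to the base identifier, wrapping within ID_BYTES."""
    return (base + counter) % (1 << (8 * ID_BYTES))


class KeyRepository:
    """Hypothetical in-memory stand-in for the key repository."""

    def __init__(self):
        self.records = {}

    def create_key(self, media_id: str) -> int:
        """Claims 2-3: increment the counter, store the key and base records."""
        base = base_key_id(media_id)
        base_record = self.records.get(base, {"counter": 0})
        base_record["counter"] += 1
        kid = key_id(base, base_record["counter"])
        if kid in self.records:
            # Never overwrite an existing record: that would lose a data key.
            raise KeyError("key identifier already in use")
        self.records[kid] = {"key": os.urandom(32)}
        self.records[base] = base_record
        return kid

    def keys_newest_first(self, media_id: str):
        """Claims 5-6 (one reading): walk the counter down to reach each key."""
        base = base_key_id(media_id)
        counter = self.records.get(base, {"counter": 0})["counter"]
        while counter > 0:
            yield counter, self.records[key_id(base, counter)]["key"]
            counter -= 1
```

Because the identifier is derived from the media identifier alone, a device that sees the medium for the first time can locate its keys without any locally stored mapping; the base record's counter is the only state needed.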
May 29, 2012